IPSession.GetNextStreamDirection C# (CSharp)のコード例

コード例 #1

0

ファイルを表示

        public override bool HandleSession(IPSession session)
        {
            logger.AddMessage(String.Format("session.LocalEndpoint.Port={0}, session.RemoteEndpoint.Port={1}",
                                            session.LocalEndpoint.Port, session.RemoteEndpoint.Port));
            if (session.RemoteEndpoint.Port == MSN_SB_PORT)
            {
                return(HandleSwitchboardSession(session));
            }

            PacketStream stream = session.GetNextStreamDirection();

            if (stream.GetBytesAvailable() < 8)
            {
                return(false);
            }

            List <PacketSlice> lenSlices = new List <PacketSlice>(1);
            UInt32             len       = stream.ReadU32LE(lenSlices);

            if (len != 4)
            {
                return(false);
            }

            List <PacketSlice> contentSlices = new List <PacketSlice>(1);
            string             str           = stream.ReadCStringASCII((int)len, contentSlices);

            if (str != "foo")
            {
                return(false);
            }

            TransactionNode magicNode = new TransactionNode("MSNP2PDirectMagic");

            magicNode.Description = magicNode.Name;

            magicNode.AddField("Length", len, "Magic length.", lenSlices);
            magicNode.AddField("Magic", str, "Magic string.", contentSlices);

            TransactionNode requestNode = ReadNextP2PDirectMessage(stream, "Request");

            stream = session.GetNextStreamDirection();
            TransactionNode responseNode = ReadNextP2PDirectMessage(stream, "Response");

            TransactionNode handshakeNode = new TransactionNode("MSNP2PDirectHandshake");

            handshakeNode.Description = handshakeNode.Name;
            handshakeNode.AddChild(requestNode);
            handshakeNode.AddChild(responseNode);

            session.AddNode(magicNode);
            session.AddNode(handshakeNode);

            ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());
            ReadAllP2PDirectMessages(session, session.GetNextStreamDirection());

            return(true);
        }

コード例 #2

0

ファイルを表示

        public override VisualTransaction[] GetTransactions(IPSession session)
        {
            List <VisualTransaction> transactions = new List <VisualTransaction>();

            session.ResetState();

            PacketStream stream1 = session.GetNextStreamDirection();
            PacketStream stream2 = session.GetNextStreamDirection();

            List <IPPacket> packets = new List <IPPacket>(stream1.Packets.Count + stream2.Packets.Count);

            packets.AddRange(stream1.Packets);
            packets.AddRange(stream2.Packets);
            packets.Sort();

            VisualTransaction transaction = null;
            MemoryStream      previewData = new MemoryStream();
            int transferred = 0;

            foreach (IPPacket packet in packets)
            {
                if (transaction == null || (transaction != null && packet.Direction != transaction.Direction))
                {
                    if (transaction != null)
                    {
                        transaction.AddHeaderField("Size", transferred);

                        byte[] bytes = previewData.ToArray();
                        transaction.SetBodyFromPreviewData(bytes, bytes.Length);
                    }

                    transaction = new VisualTransaction(packet.Index, packet.Direction, packet.Timestamp);
                    transaction.AddHeaderField("Direction", packet.Direction);
                    transaction.HeaderRowsPerCol = 1;
                    transactions.Add(transaction);
                    previewData.SetLength(0);
                    transferred = 0;
                }

                transaction.EndTime = packet.Timestamp;

                previewData.Write(packet.Bytes, 0, packet.Bytes.Length);

                transferred += packet.Bytes.Length;
            }

            if (transaction != null)
            {
                transaction.AddHeaderField("Size", transferred);

                byte[] bytes = previewData.ToArray();
                transaction.SetBodyFromTruncatedPreviewData(bytes, transferred - bytes.Length);
            }

            return(transactions.ToArray());
        }

コード例 #3

0

ファイルを表示

ファイル: Oracle.cs プロジェクト: wyrover/ospy

        public override bool HandleSession(IPSession session)
        {
            //List<Configuration.Setting> settings = Configuration.ParserConfiguration.Settings[Name()];
            //foreach(Configuration.Setting setting in settings)
            //    logger.AddMessage("Using property {0} with value {1}", setting.Property, setting.Value);
            PacketStream stream = session.GetNextStreamDirection();

            if ((session.RemoteEndpoint.Port == 1521) || (session.RemoteEndpoint.Port == redirPort))
            {
                //we're either connected to the standard Oracle port or the redirected port
            }
            else
            {
                return(false);
            }
            while (true)
            {
                try {
                    TransactionNode transaction = new TransactionNode("OracleTransaction");
                    transaction.Description = transaction.Name;
                    TransactionNode tnsNode = ExtractTNSData(stream, StreamDirection.OUT);
                    if (tnsNode != null)
                    {
                        transaction.AddChild(tnsNode);
                    }
                    //response stream
                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() != 0)
                    {
                        tnsNode = ExtractTNSData(stream, StreamDirection.IN);

                        if (tnsNode != null)
                        {
                            transaction.AddChild(tnsNode);
                        }
                    }
                    if (transaction.Children.Count > 0)
                    {
                        session.AddNode(transaction);
                    }
                    //request stream (if exists)
                    stream = session.GetNextStreamDirection();

                    if (stream.GetBytesAvailable() == 0)
                    {
                        break;
                    }
                } catch (EndOfStreamException) {
                    break;
                }
            }
            return(true);
        }

コード例 #4

0

ファイルを表示

        public override bool HandleSession(IPSession session)
        {
            if (session.RemoteEndpoint == null || session.RemoteEndpoint.Port != XMPP_PORT)
            {
                return(false);
            }

            PacketStream stream = session.GetNextStreamDirection();

            if (stream.PeekStringUTF8(8) != "<stream")
            {
                return(false);
            }

            // FIXME

            return(false);
        }

コード例 #5

0

ファイルを表示

ファイル: RAPI.cs プロジェクト: wyrover/ospy

        public override bool HandleSession(IPSession session)
        {
            if (session.LocalEndpoint == null || session.LocalEndpoint.Port != 990)
            {
                return(false);
            }

            this.session = session;
            stream       = session.GetNextStreamDirection();

            // The device should send the first DWORD of the handshake
            if (stream.CurPacket.Direction == PacketDirection.PACKET_DIRECTION_INCOMING)
            {
                HandleRapiHandshake();
            }

            if (stream.GetBytesAvailable() >= 4)
            {
                HandleRapiSession();
            }

            return(true);
        }

コード例 #6

0

ファイルを表示

        private bool HandleSwitchboardSession(IPSession session)
        {
            List <PacketSlice> slices = new List <PacketSlice>(1);

            logger.AddMessage(String.Format("\r\n\r\nparsing session with remote endpoint: {0}\r\n", session.RemoteEndpoint));

            while (true)
            {
                PacketStream stream = session.GetNextStreamDirection();

                if (stream.GetBytesAvailable() == 0)
                {
                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() == 0)
                    {
                        break;
                    }
                }

                IPPacket        pkt       = stream.CurPacket;
                PacketDirection direction = pkt.Direction;

                try
                {
                    string line = stream.PeekLineUTF8();

                    // Split the line up into CMD and the rest (being arguments, if any)
                    string[] tokens = line.Split(new char[] { ' ' }, 2);

                    logger.AddMessage(String.Format("{0} parsing command '{1}' (line: {2})",
                                                    (direction == PacketDirection.PACKET_DIRECTION_INCOMING) ? "<<" : ">>",
                                                    tokens[0], line));

                    // Set cmd and create an array of arguments if present
                    string   cmd       = tokens[0];
                    string[] arguments = new string[0];
                    if (tokens.Length > 1)
                    {
                        arguments = tokens[1].Split(new char[] { ' ' });
                    }

                    // Create command node
                    TransactionNode node = new TransactionNode("MSNSBCommand");
                    node.Description = cmd;

                    // Command field
                    stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[0]), slices);
                    node.AddField("Command", tokens[0], "Switchboard command.", slices);

                    if (arguments.Length > 0)
                    {
                        // Skip space between command and arguments
                        stream.ReadByte();

                        stream.ReadBytes(StaticUtils.GetUTF8ByteCount(tokens[1]), slices);

                        // Arguments fields
                        node.AddField("Arguments", tokens[1], "Arguments to command.", slices);
                    }

                    // Skip CRLF
                    stream.ReadBytes(2);

                    // Is there a payload?
                    bool hasPayload = false;
                    if (arguments.Length > 0)
                    {
                        List <string> payloadCommands =
                            (direction == PacketDirection.PACKET_DIRECTION_OUTGOING) ? payloadCommandsFromClient : payloadCommandsFromServer;

                        hasPayload = payloadCommands.Contains(cmd);
                    }

                    if (hasPayload)
                    {
                        int payloadLength = -1;

                        try
                        {
                            payloadLength = (int)Convert.ToUInt32(arguments[arguments.Length - 1]);
                        }
                        catch (FormatException)
                        {
                        }

                        if (payloadLength > 0)
                        {
                            TransactionNode payloadNode = new TransactionNode(node, "Payload");

                            logger.AddMessage(String.Format("Parsing {0} bytes of payload", payloadLength));

                            PayloadFormat format = PayloadFormat.TEXT;

                            string cmdUpper = cmd.ToUpper();
                            if (payloadCommandFormats.ContainsKey(cmdUpper))
                            {
                                format = payloadCommandFormats[cmdUpper];
                            }

                            if (format == PayloadFormat.MESSAGE)
                            {
                                SBParseMSG(stream, payloadNode, payloadLength);
                            }
                            else
                            {
                                string body = stream.ReadStringUTF8(payloadLength, slices);

                                switch (format)
                                {
                                case PayloadFormat.SLP:
                                    payloadNode.AddTextField("MSNSLP", body, "MSNSLP data.", slices);
                                    break;

                                case PayloadFormat.XML:
                                    payloadNode.AddXMLField("XML", body, "XML data.", slices);
                                    break;

                                default:
                                    payloadNode.AddTextField("Text", body, "Text.", slices);
                                    break;
                                }
                            }
                        }
                    }

                    session.AddNode(node);
                }
                catch (EndOfStreamException e)
                {
                    logger.AddMessage(String.Format("MSNSwitchboard: EOS at {0} ({1})", stream.Position, e));
                    break;
                }
            }

            logger.AddMessage("done with session\r\n\r\n");

            return(true);
        }

コード例 #7

0

ファイルを表示

ファイル: RAPI.cs プロジェクト: wyrover/ospy

        private void HandleRapiHandshake()
        {
            RAPIConnectionState state = RAPIConnectionState.HANDSHAKE;

            List <PacketSlice> slices = new List <PacketSlice>();
            TransactionNode    parentNode, node;
            string             str;
            UInt32             val;

            // Read and verify the initial request
            UInt32 initialRequest = stream.ReadU32LE(slices);

            if (initialRequest != NOTIFY_INITIAL_HANDSHAKE && initialRequest != NOTIFY_CONNECTION_READY)
            {
                logger.AddMessage("RAPI protocol error, unknown initial request {0}", initialRequest);
                return;
            }

            node             = new TransactionNode((initialRequest == 0) ? "RAPIInitialHandshake" : "RAPIConnectionStart");
            node.Description = node.Name;

            node.AddField("InitialRequest", (initialRequest == NOTIFY_INITIAL_HANDSHAKE) ? "NOTIFY_INITIAL_HANDSHAKE" : "NOTIFY_CONNECTION_READY", "Initial request.", slices);

            // Now it's our turn
            stream = session.GetNextStreamDirection();

            if (initialRequest == NOTIFY_INITIAL_HANDSHAKE)
            {
                UInt32 firstPing = stream.ReadU32LE(slices);
                node.AddField("FirstPing", firstPing, "First ping, should be 3.", slices);

                // And the first pong
                stream = session.GetNextStreamDirection();

                UInt32 firstPong = stream.ReadU32LE(slices);
                node.AddField("FirstPong", firstPong, "First pong, should be 4 for older WM5, 6 for newer versions.", slices);

                if (firstPong == 6)
                {
                    // Now we're supposed to send 4 DWORDs
                    stream = session.GetNextStreamDirection();

                    UInt32 secondPing = stream.ReadU32LE(slices);
                    node.AddField("SecondPingValue1", secondPing, "Second ping value #1, should be 7.", slices);

                    secondPing = stream.ReadU32LE(slices);
                    node.AddField("SecondPingValue2", secondPing, "Second ping value #2, should be 8.", slices);

                    secondPing = stream.ReadU32LE(slices);
                    node.AddField("SecondPingValue3", secondPing, "Second ping value #3, should be 4.", slices);

                    secondPing = stream.ReadU32LE(slices);
                    node.AddField("SecondPingValue4", secondPing, "Second ping value #4, should be 1.", slices);

                    // And the device should reply
                    stream = session.GetNextStreamDirection();

                    UInt32 secondPong = stream.ReadU32LE(slices);
                    node.AddField("SecondPong", secondPong, "Second pong, should be 4.", slices);
                }

                // Got it
                session.AddNode(node);

                parentNode             = new TransactionNode("RAPIDeviceInfo");
                parentNode.Description = parentNode.Name;

                UInt32 deviceInfoLen       = stream.ReadU32LE(slices);
                UInt32 remainingDevInfoLen = deviceInfoLen;
                parentNode.AddField("Length", deviceInfoLen, "Device info length.", slices);

                if (deviceInfoLen > MAX_DEVICE_INFO_LENGTH)
                {
                    logger.AddMessage("RAPI protocol error, length of the device info package should be below {0}, was {1}", MAX_DEVICE_INFO_LENGTH, deviceInfoLen);
                    return;
                }

                node = new TransactionNode(parentNode, "DeviceInfo");

                Guid guid = new Guid(stream.ReadBytes(16, slices));
                str = String.Format("{{0}}", guid.ToString());
                node.AddField("DeviceGUID", str, "Device GUID.", slices);
                remainingDevInfoLen -= 16;

                val = stream.ReadU32LE(slices);
                node.AddField("OsVersionMajor", val, "OS version, major.", slices);
                remainingDevInfoLen -= 4;

                val = stream.ReadU32LE(slices);
                node.AddField("OsVersionMinor", val, "OS version, minor.", slices);
                remainingDevInfoLen -= 4;

                val = stream.ReadU32LE(slices);
                node.AddField("DeviceNameLength", val, "Device name length (in characters, not bytes).", slices);
                remainingDevInfoLen -= 4;

                // calculate the string size in unicode, with terminating NUL word
                val = (val + 1) * 2;
                str = stream.ReadCStringUnicode((int)val, slices);
                node.AddField("DeviceName", str, "Device name.", slices);
                remainingDevInfoLen -= val;

                val = stream.ReadU32LE(slices);
                node.AddField("DeviceVersion", StaticUtils.FormatFlags(val), "Device version.", slices);
                remainingDevInfoLen -= 4;

                val = stream.ReadU32LE(slices);
                node.AddField("DeviceProcessorType", StaticUtils.FormatFlags(val), "Device processor type.", slices);
                remainingDevInfoLen -= 4;

                val = stream.ReadU32LE(slices);
                node.AddField("Unknown1", StaticUtils.FormatFlags(val), "Counter or a flag? ANDed with 0xFFFFFFFE in the code (should take a closer look at this).", slices);
                remainingDevInfoLen -= 4;

                val = stream.ReadU32LE(slices);
                node.AddField("CurrentPartnerId", StaticUtils.FormatFlags(val), "Current partner id.", slices);
                remainingDevInfoLen -= 4;

                val = stream.ReadU32LE(slices);
                node.AddField("DeviceId", StaticUtils.FormatFlags(val), "Current device id. Lives in HKCU\\Software\\Microsoft\\Windows CE Services\\Partners\\<DeviceIdentifier>.", slices);
                remainingDevInfoLen -= 4;

                /*
                 * dw = stream.ReadU32LE(slices);
                 * node.AddField("PlatformNameLength", dw, "Platform name length.", slices);
                 * remainingDevInfoLen -= 4;*/

                // Don't swallow the 4 last
                remainingDevInfoLen -= 4;

                byte[] bytes = stream.ReadBytes((int)remainingDevInfoLen, slices);
                node.AddField("UnknownData1", StaticUtils.FormatByteArray(bytes), "Unknown device info data.", slices);

                val = stream.ReadU32LE(slices);
                node.AddField("PasswordMask", StaticUtils.FormatFlags(val), "Password mask. Non-zero if a password is set.", slices);
                remainingDevInfoLen -= 4;

                state = (val != 0) ? RAPIConnectionState.AUTH : RAPIConnectionState.SESSION;

                // Now it's our turn
                stream = session.GetNextStreamDirection();

                node = parentNode;
            }
            else
            {
                state = RAPIConnectionState.SESSION;
            }

            // Add the last node for each case
            session.AddNode(node);

            while (state == RAPIConnectionState.AUTH)
            {
                parentNode             = new TransactionNode("RAPIAuthAttempt");
                parentNode.Description = parentNode.Name;

                node = new TransactionNode(parentNode, "Request");

                val = stream.ReadU16LE(slices);
                node.AddField("Length", val, "Authentication data length.", slices);

                byte[] bytes = stream.ReadBytes((int)val, slices);
                node.AddField("Data", StaticUtils.FormatByteArray(bytes), "Authentication data.", slices);

                stream = session.GetNextStreamDirection();

                node = new TransactionNode(parentNode, "Response");

                val = stream.ReadU16LE(slices);
                node.AddField("Success", (val != 0) ? "TRUE" : "FALSE", "Whether the authentication attempt was successful.", slices);

                session.AddNode(parentNode);

                stream = session.GetNextStreamDirection();

                if (val != 0)
                {
                    state = RAPIConnectionState.SESSION;
                }
            }
        }

コード例 #8

0

ファイルを表示

ファイル: HTTP.cs プロジェクト: wyrover/ospy

        public override bool HandleSession(IPSession session)
        {
            PacketStream stream = session.GetNextStreamDirection();
            string       line;

            try
            {
                line = stream.PeekLineUTF8();
            }
            catch (EndOfStreamException)
            {
                return(false);
            }

            string[] tokens = line.Split(new char[] { ' ' });
            if (!tokens[tokens.Length - 1].StartsWith("HTTP/1."))
            {
                return(false);
            }

            // At this point it should be safe enough to assume we're
            // dealing with an HTTP session.

            while (true)
            {
                try
                {
                    TransactionNode transaction = new TransactionNode("HTTPTransaction");

                    TransactionNode request = ExtractHttpData(stream, HTTPTransactionType.REQUEST);
                    transaction.AddChild(request);

                    string desc = request.Description;

                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() != 0)
                    {
                        TransactionNode response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE);
                        transaction.AddChild(response);

                        if (response.Fields.ContainsKey("Result") &&
                            ((string)response.Fields["Result"]).StartsWith("100 "))
                        {
                            response = ExtractHttpData(stream, HTTPTransactionType.RESPONSE, "Response2");
                            transaction.AddChild(response);
                        }

                        desc += " => " + response.Description;
                    }

                    transaction.Description = desc;

                    session.AddNode(transaction);

                    stream = session.GetNextStreamDirection();
                    if (stream.GetBytesAvailable() == 0)
                    {
                        break;
                    }
                }
                catch (EndOfStreamException)
                {
                    logger.AddMessage("HTTP premature EOF");
                    break;
                }
                catch (ProtocolError)
                {
                    logger.AddMessage("HTTP protocol error");
                    break;
                }
            }

            return(true);
        }

C# (CSharp) IPSession.GetNextStreamDirectionの例